Honesty is the best policy when it comes to security
It has never been harder for businesses to build and preserve a relationship of trust with their customers. The rise of increasingly sophisticated, and targeted, cyber-attacks means there are more threats to watch out for than ever before. But letting just one slip through the net could spell disaster and damage even the strongest of partnerships, beyond repair. Just ask any major organization that has lost confidential customer data through a security breach.
When online retailer eBay reported that its network had been compromised earlier this year, it's no wonder that its message to customers was "the trust and security of eBay members is our top priority". The need to maintain trust in the face of a successful hack is critical.
Organizations that suffer cyber-attacks usually see not only a drop in their share price, but also in customer numbers. After all, in such an ultra-competitive business landscape, customers have many options for where to take their business.
The associated loss of trust has a damaging effect that can take months or even years to repair. Similarly, a government agency that is unable to protect citizens' data could lose public confidence to the extent that is becomes politically very damaging.
Loss of trust, though, goes far beyond the cost of lost orders and public confidence; many studies have shown that businesses that suffer a significant data breach also experience record drops in innovation and staff numbers as a result. It is difficult to measure the exact costs but, according to the 2014 Cost of Data Breach Study from the Ponemon Institute, the cost per lost or stolen record increased for the seventh consecutive year.
Based on the experience of the forty organizations participating in the study, the average per capita cost increased from $146 to $162 and, with typical compromises impacting between 2,300 and 99,000 records, that is a huge hit to the bottom line!
However, with the odds stacking against you, we know that it is no longer a question of if you get attacked, but when. So given this sense of inevitability, that you will be compromised, what can you do to secure your company's future?
First of all, it is critical that security teams recognize and acknowledge the "new normal". Rather than burying their heads in the sand and hoping against hope that it never happens, they need to be honest with themselves and accept that it is highly likely to happen and then act accordingly. By assuming you will be compromised, and putting yourselves in the role of the attacker and what they see, you can start to review your security in a different light and plan accordingly.
With a deeper understanding of the methodical approach that attackers use to execute their missions, you can identify ways to strengthen defenses and be able to respond quickly to limit the damage when it does happen.
Defenders must use the very same capabilities as the attackers, to better protect against attacks, including:
Attackers will gain full visibility of your IT environment, so you must too. To more effectively protect your organization, you need a baseline of information across your extended network (which includes endpoints, mobile devices and virtual environments) with visibility into all assets, operating systems, applications, services, protocols, users, network behavior as well, as potential threats and vulnerabilities. Seek out technologies that not only provide visibility but, also offer contextual awareness by correlating extensive amounts of data related to your specific environment to enable more informed security decisions.
You need to work smarter, not harder. Hackers are using automated methods to simplify and expedite attacks. Using manual processes to defend against such attacks are inadequate. You need to take advantage of technologies that combine contextual awareness with automation, to optimize defenses and resolve security events more quickly. Policy and rules updates, enforcement, and tuning, are just a few examples of processes that can be intelligently automated to deliver real-time protection in dynamic threat and IT environments.
In an age when hackers are conducting extensive investigation before launching attacks, security intelligence is critical to defeat attacks. Technologies that tap into the power of the cloud, and big data analytics, deliver the security intelligence you need, continuously tracking and storing information about unknown and suspicious files across a widespread community and applying big data analytics to identify, understand, and stop the latest threats. Not only can you apply this intelligence to retrospectively secure your environment, mitigating damage from threats that evade initial detection, but you can also update protections for more effective security.
When maintaining the trust of customers, it is critical to not only make it harder for attackers to succeed, but also to have the visibility across your network so that you see when something unusual or unexpected happens.
After all, research shows that cyber criminals often remain undetected for months or even years once they successfully get in.
Finding them quickly and seeing what they have been doing and what applications and databases they have been compromising is the secret to preventing lasting damage. Then you can begin the process of being truthful with your customers, by letting them know you have a problem, but that it is under control and access to sensitive data is limited. It is in this way that you can rebuild trust and ensure a prosperous future.
Sean Newman is field product manager for Cisco's Sourcefire across EMEA
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.